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REMARKS/ARGUMENTS 

Pending Claims 

Claims 1-6 are pending in this application. Claim 1 has been amended. No new matter 
has been added. 

Claim Rejections under 35 U.S.C. S102 and S103 

Claim 1 is rejected under 35 U.S.C. § 102(b) as being anticipated by Imai et al., U.S. 
Patent No. 5,870,467; and claims 2-6 are rejected under 35 U.S.C. § 103(a) as being 
unpatentable over Imai et al., U.S. Patent No. 5,870,467 in view of Umebayashi et al., U.S. 
Patent Publication No. 2004/0010707 Al. Applicants have amended claims 1 -3 and request 
reconsideration of the rejections in view of the amendments and for the following reasons. 

According to the present invention, a program identifier is assigned to programs in 
order to execute access control to a storage apparatus for each program. The program identifier 
is delivered to the storage apparatus or the network apparatus along with an IO command 
issued by the program. On the basis of the program identifier, the storage apparatus or the 
network apparatus determines whether or not execution of the IO command received along 
with the program identifier is allowed. Further, by the present invention, the program identifier 
is able to be delivered to the storage apparatus or the network apparatus without changing a 
protocol of communication between the computer and the storage apparatus or the network 
apparatus by embedding the program identifier in a special value included in the IO command 
or an IO request made to generate the IO command. 
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In particular, in the present invention, an original address included in an I/O request and 
a program identifier are used as inputs of a function f (x, y) to generate a new address, which is 
different from the original address, and an appended program identifier. That is, the function f 
(x, y) is a function inputting two values x and y to generate one value, i.e., a new address value 
including an appended program identifier. In this case, x and y represent the program identifier 
and the original address included in the I/O request. See page 10, lines 12-15 of the 
specification. In addition, an inverse function g (z) is also used as a function inversed to the 
function f (x, y). That is, the inverse function g (z) is a function inputting 1 value "z", i.e., the 
new address to obtain two values, i.e., the original address and the original program identifier. 
See page 13, lines 1 1-13 of the specification. In this way, a program identifier can be supplied 
to the storage apparatus or the network apparatus without changing the protocol of 
communication between the computer and the storage apparatus or the network apparatus. 

Following the generation of the original address and program identifier by the second 
function, at the next step, e.g. step 403 in Fig. 4, a network-address table 308 is searched for a 
network address (second address in claims 5 and 6) associated with the generated program 
identifier and a logical-volume identifier represented by the original address. Further, as set 
forth in claim 4, the storage apparatus determines whether or not an access to a logical volume 
existing in the storage apparatus can be made, for example by use of a determination unit, as 
shown in Fig. 3, for example. 

Imai et al. do not disclose the features of this invention, and in particular do not show 
the first function of the invention, as set forth in claim 1, and further do not show the 
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combination of the first and second functions of the invention as set forth in claims 2-4. 
Further, Imai et al. do not disclose the second function as set forth in claims 5 and 6 of the 
present invention. Applicants have amended claim 1, as well as claims 2 and 3, to clarify the 
first function in that the claims now require that the one value that is generated by the first 
function from the two input values, i.e., the program identifier and the request address, is used 
as a new address, and the new address is different from the request address. In this manner, the 
IO request is issued using the new address. 

As set forth in the record by Applicants, Imai discloses a data input/output 
management scheme for managing data input according to an input request from a program and 
data output according to an output request from a program, to protect electronic (written) data 
from unauthorized duplication. Imai finds application in the protection of written data that is 
protected by a copyright, for example. According to Imai et al., the apparatus has a protected 
data input recording unit which records program identifiers, and if the ID of a requesting 
program is recorded in the protected data input recording unit, data requested from the 
requesting program is output in accordance with the result of authentication. In particular, Imai 
discloses a mechanism for outputting data only by a permitted program, referring to recorded 
program identifiers. 

Imai's output permission judgment means (5) receives an address set in a data 
input/output request (a request address) and the identifier for identifying the program (program 
identifier); and an address set in a data input/output request that is generated permits data 
access by the output permission judgment means, which the Office Action compares to the 
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claimed new address. However, the output permission judgment means of Imai, which is 
compared to the claimed first function, and deals with only cases of an output request, as in 
"when the data input/output request received by the request reception means is a data output 
request", does not correspond to the claimed first function, 

Further, according to Imai, an address set in a data input/output request (comparable to 
a request address) is the same as the address set in a data input/output request that permits data 
access by output permission judgment means, which is compared to the claimed new address 
with the program identifier appended, according to the rejection. However, the claims have 
been amended to clarify that the claimed new address is different from an original request 
address. Accordingly, reconsideration and withdrawal of the 35 USC §102 rejection of claim 1 
is respectfully requested. Further, for the same reasons, reconsideration of the rejection of 
claims 2-4 is respectfully requested. That is, Imai does not teach or suggest the combination of 
the first and second functions set forth in claims 2-4, nor the second function of the invention as 
set forth in claims 5 and 6. 

Umebayashi is relied upon for disclosing a data protection program that is able to 
effectively restrict an unauthorized access to a resource to be protected even when the resource 
to be protected is in a state legitimately accessed by a user. According to Umebayashi, the data 
protection program determines whether data access is permitted or not from a program by 
using an access permission management table which has columns of program information and 
encryption keys. Umebayashi teaches a mechanism for restricting data access in accordance 
with the judging result by the access permission management table. However, Umebayashi 
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does not teach or suggest the claimed second function for carrying out an operation to input one 
value for generation of two output values as an operation inverse to that of the first function, 
that is to generate an original request address and a program identifier as the two output values 
from an address specified in the IO request as the new address. Further, in the present 
invention, a table associating a program identifier, a logical volume existing in the storage 
apparatus and a network address with each other is searched for a network address associated 
with the generated program identifier and a logical volume indicated by the generated original 
request address and a communication with the storage apparatus is carried out by using the 
network address as an address of a transmission originator in order to issue an IO command to 
the original request address. See claims 2-3 of the present invention. 

In Umebayashi, the network address is used as an address of a transmission originator 
in order to issue an IO command to said original request address. See the 4th embodiment of 
Umebayashi and Fig. 10 as the example of "a network-address conversion method". As 
apparent from the foregoing discussion, the combination of Imai and Umebayachi does not 
render the invention of claims 2-6 unpatentable under 35 U.S.C. § 103(a), and therefore the 
rejection should be withdrawn. 



11 



/ 



Serial No. 10/759,204 

Amendment under 37 C.F.R. §1.1 16 

Response to Final Office Action mailed July 18, 2006 



Docket No. NIT-407 



CONCLUSION 

In view of the foregoing, Applicant respectfully requests that a timely Notice of 
Allowance be issued in this case. 

Respectfully submitted, 

MATTINGLY, STANGER, MALUR & BRUNDIDGE, P.C. 



JRM/so 

Date: October 18. 2006 




John R/Mattingly 
Reg. No. 30,293 
(703) 684-1120 
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